
[Solved] "Spyware Terminator Updater/Shield" Possible Adware?

Discussion in 'Malware Removal Help' started by N3, Nov 11, 2015.

  1. N3

    Thank you.
     
  2. starbuck

    If you need it removing manually, just follow this step and post the 2 reports.
    I'll then split the post away so we can work on it for you.

    Note:
    There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

    If you are unsure what your system bit type is, click Here for help.

    For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

    • Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator

    • When the tool opens click Yes to disclaimer.

    • Make sure that Addition.txt is selected at the bottom
    • Press Scan button.

    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
     
  3. N3

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
    Ran by N3 (administrator) on N3-PC (11-11-2015 17:50:35)
    Running from C:\Users\N3\Desktop
    Loaded Profiles: N3 (Available Profiles: N3)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    () C:\Program Files (x86)\Everything\Everything.exe
    () C:\Windows\jmesoft\Service.exe
    (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
    (AVM Software Inc.) C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_19_0_0_245_ActiveX.exe
    () C:\Program Files (x86)\Everything\Everything.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11543656 2010-10-26] (Realtek Semiconductor)
    HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3450983300-2090305916-611037370-1001\...\Run: [Cookienator] => C:\Program Files (x86)\Cookienator\cookienator.exe [1333472 2009-10-18] (CodeFromThe70s.org)
    HKU\S-1-5-21-3450983300-2090305916-611037370-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-01-27] ()
    HKU\S-1-5-21-3450983300-2090305916-611037370-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe [1216648 2015-08-05] (Ruiware)
    Startup: C:\Users\N3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2015-10-11]
    ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 23.252.205.6 23.252.205.7 24.238.0.61 8.8.8.8
    Tcpip\..\Interfaces\{4E3AFA52-B4A6-44FF-A8D8-190C996B049A}: [NameServer] 8.26.56.26,156.154.70.22
    Tcpip\..\Interfaces\{8C52405F-49E4-45A7-A623-C9202FCC5E61}: [DhcpNameServer] 10.53.7.10 10.53.7.11
    Tcpip\..\Interfaces\{EABBDE28-E2CE-4D58-8C02-C30ADAF54A04}: [NameServer] 8.26.56.26,156.154.70.22
    Tcpip\..\Interfaces\{EABBDE28-E2CE-4D58-8C02-C30ADAF54A04}: [DhcpNameServer] 23.252.205.6 23.252.205.7 24.238.0.61 8.8.8.8

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3450983300-2090305916-611037370-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND
    HKU\S-1-5-21-3450983300-2090305916-611037370-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://startpage.com/
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-10-21] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
    BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
    BHO-x32: HelperObject Class -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItBHO.dll [2005-10-14] (TechSmith Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
    BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
    BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
    Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
    Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItIEAddin.dll [2005-10-14] (TechSmith Corporation)
    Toolbar: HKU\S-1-5-21-3450983300-2090305916-611037370-1001 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()

    FireFox:
    ========
    FF ProfilePath: C:\Users\N3\AppData\Roaming\Mozilla\Firefox\Profiles\pcfp0yyt.default-1445301812080
    FF Homepage: hxxps://www.startpage.com/eng/
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
    FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
    FF Extension: Widevine Media Optimizer - C:\Users\N3\AppData\Roaming\Mozilla\Firefox\Profiles\pcfp0yyt.default-1445301812080\Extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} [2015-11-01] [not signed]
    FF Extension: WOT - C:\Users\N3\AppData\Roaming\Mozilla\Firefox\Profiles\pcfp0yyt.default-1445301812080\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-11-11]
    FF Extension: Adblock Plus Pop-up Addon - C:\Users\N3\AppData\Roaming\Mozilla\Firefox\Profiles\pcfp0yyt.default-1445301812080\Extensions\adblockpopups@jessehakanen.net.xpi [2015-10-19]
    FF Extension: Ghostery - C:\Users\N3\AppData\Roaming\Mozilla\Firefox\Profiles\pcfp0yyt.default-1445301812080\Extensions\firefox@ghostery.com.xpi [2015-11-05]
    FF Extension: Adblock Plus - C:\Users\N3\AppData\Roaming\Mozilla\Firefox\Profiles\pcfp0yyt.default-1445301812080\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-19]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
    R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-05] () [File not signed] <==== ATTENTION
    R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 FoxitCloudUpdateService; "C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe" [X]
    S2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 cbfltfs3; C:\Windows\System32\drivers\cbfltfs3.sys [320192 2015-04-01] (EldoS Corporation)
    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-13] (ESET)
    R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
    R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [168208 2015-07-13] (ESET)
    R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-06-21] (Emsisoft GmbH)
    R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-11] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
    S3 MDA_NTDRV; C:\windows\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-05-18] (Windows (R) Win 7 DDK provider)
    S1 adgnetworktdidrv; system32\drivers\adgnetworktdidrv.sys [X]
    S3 panda_url_filteringd; \??\C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-11 17:50 - 2015-11-11 17:50 - 00000362 _____ C:\Users\N3\Desktop\Addition.txt
    2015-11-11 17:49 - 2015-11-11 17:50 - 00041023 _____ C:\Users\N3\Desktop\FRST.txt
    2015-11-11 17:48 - 2015-11-11 17:50 - 00000000 ____D C:\FRST
    2015-11-11 17:46 - 2015-11-11 17:47 - 02198528 _____ (Farbar) C:\Users\N3\Desktop\FRST64.exe
    2015-11-11 16:44 - 2015-11-11 16:44 - 00000299 _____ C:\Users\N3\Desktop\Spyware Terminator UpdaterShield Possible Adware Computer Help Forums - Free PC Help.URL
    2015-11-11 15:38 - 2015-11-11 15:42 - 00000000 ____D C:\Program Files (x86)\Reason
    2015-11-11 15:38 - 2015-11-11 15:40 - 00000000 __SHD C:\windows\SysWOW64\AI_RecycleBin
    2015-11-10 21:45 - 2015-11-11 10:30 - 00000000 ____D C:\Users\N3\AppData\Roaming\WinPatrol
    2015-11-10 21:45 - 2015-11-10 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
    2015-11-10 21:45 - 2015-11-10 22:09 - 00000000 ____D C:\ProgramData\InstallMate
    2015-11-10 21:45 - 2015-11-10 21:45 - 00000000 ____D C:\Program Files (x86)\Ruiware
    2015-11-10 18:17 - 2015-11-10 18:17 - 00002017 _____ C:\Users\Public\Desktop\SnagIt 7.lnk
    2015-11-10 18:17 - 2015-11-10 18:17 - 00000000 ____D C:\Users\N3\Documents\SnagIt Catalog
    2015-11-10 18:17 - 2015-11-10 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SnagIt 7
    2015-11-10 18:17 - 2015-11-10 18:17 - 00000000 ____D C:\Program Files (x86)\TechSmith
    2015-11-10 15:22 - 2015-11-10 15:22 - 00000000 ____D C:\Users\N3\AppData\Local\CEF
    2015-11-10 14:57 - 2015-11-10 14:57 - 00000255 _____ C:\Users\N3\Desktop\A portable Quad for 2 Meters - 2m-quad-wa9gdz.pdf.URL
    2015-11-10 12:03 - 2015-11-10 12:03 - 00000247 _____ C:\Users\N3\Desktop\An Indoor VHF Delta Loop.URL
    2015-11-06 22:08 - 2015-11-06 22:08 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
    2015-11-05 05:33 - 2015-10-20 13:42 - 03168768 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2015-11-05 05:33 - 2015-10-20 13:42 - 02608128 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2015-11-05 05:33 - 2015-10-20 13:42 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2015-11-05 05:33 - 2015-10-20 13:42 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2015-11-05 05:33 - 2015-10-20 13:42 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2015-11-05 05:33 - 2015-10-20 13:42 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
    2015-11-05 05:33 - 2015-10-20 13:42 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
    2015-11-05 05:33 - 2015-10-20 13:41 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2015-11-05 05:33 - 2015-10-20 13:41 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
    2015-11-05 05:33 - 2015-10-20 13:41 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2015-11-05 05:33 - 2015-10-20 13:41 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
    2015-11-05 05:33 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
    2015-11-05 05:33 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
    2015-11-05 05:33 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
    2015-11-05 05:33 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
    2015-11-05 05:33 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
    2015-11-04 02:04 - 2015-11-11 16:05 - 00017804 _____ C:\windows\PFRO.log
    2015-11-04 02:04 - 2015-11-11 16:05 - 00003976 _____ C:\windows\setupact.log
    2015-11-04 02:04 - 2015-11-04 02:04 - 00000000 _____ C:\windows\setuperr.log
    2015-11-03 20:26 - 2015-11-03 20:26 - 00000266 _____ C:\Users\N3\Desktop\Dr. Joshua Gottsegen, Cardiology.URL
    2015-11-03 14:58 - 2015-11-03 17:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-11-03 04:26 - 2015-11-03 04:27 - 00000000 ____D C:\Program Files (x86)\MWSnap
    2015-11-03 04:26 - 2015-11-03 04:26 - 00000919 _____ C:\Users\N3\Desktop\MWSnap 3.lnk
    2015-11-03 04:26 - 2015-11-03 04:26 - 00000000 ____D C:\Users\N3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWSnap
    2015-11-03 04:26 - 2015-11-03 04:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MWSnap
    2015-11-02 19:10 - 2015-11-02 19:10 - 00000000 ____D C:\Program Files (x86)\Wise
    2015-10-31 22:09 - 2015-10-31 22:09 - 00000245 _____ C:\Users\N3\Desktop\Phil Foster Park.URL
    2015-10-22 08:49 - 2015-10-22 08:49 - 00000250 _____ C:\Users\N3\Desktop\Dental Forums and Dental Message Boards.URL
    2015-10-22 08:48 - 2015-10-22 08:48 - 00000265 _____ C:\Users\N3\Desktop\Dentistry Forum.URL
    2015-10-21 03:37 - 2015-10-21 03:37 - 23752992 _____ (SUPERAntiSpyware) C:\Users\N3\Downloads\SUPERAntiSpyware.exe
    2015-10-20 04:21 - 2015-11-08 02:02 - 00000000 ___RD C:\Users\N3\Desktop\Misc. Search Engines
    2015-10-16 07:51 - 2015-10-16 07:51 - 00000254 _____ C:\Users\N3\Desktop\Preferred Dental (PPO) by CareFirst BlueCross BlueShield.URL
    2015-10-13 13:09 - 2015-09-18 13:58 - 00345688 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2015-10-13 13:09 - 2015-09-15 23:36 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2015-10-13 13:09 - 2015-09-15 23:21 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2015-10-13 13:09 - 2015-09-15 23:13 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2015-10-13 13:09 - 2015-09-15 23:08 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2015-10-13 13:09 - 2015-09-15 22:58 - 20357632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2015-10-13 13:09 - 2015-09-15 22:50 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2015-10-13 13:09 - 2015-09-15 22:33 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2015-10-13 13:09 - 2015-09-15 22:32 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2015-10-13 13:09 - 2015-09-15 22:31 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2015-10-13 13:09 - 2015-09-15 22:29 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2015-10-13 13:09 - 2015-09-15 22:10 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-10-13 13:09 - 2015-09-15 22:06 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2015-10-13 13:09 - 2015-09-15 22:05 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2015-10-13 13:09 - 2015-09-15 22:04 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
    2015-10-13 13:09 - 2015-09-15 21:56 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2015-10-13 13:09 - 2015-09-15 21:34 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2015-10-13 13:09 - 2015-08-06 13:04 - 14176768 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2015-10-13 13:09 - 2015-08-06 13:03 - 01866752 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
    2015-10-13 13:09 - 2015-08-06 12:44 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2015-10-13 13:09 - 2015-08-06 12:44 - 01498624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
    2015-10-13 13:08 - 2015-09-18 14:31 - 00391784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2015-10-13 13:08 - 2015-09-15 23:48 - 25851904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2015-10-13 13:08 - 2015-09-15 23:36 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2015-10-13 13:08 - 2015-09-15 23:22 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2015-10-13 13:08 - 2015-09-15 23:21 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2015-10-13 13:08 - 2015-09-15 23:21 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2015-10-13 13:08 - 2015-09-15 23:21 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2015-10-13 13:08 - 2015-09-15 23:21 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2015-10-13 13:08 - 2015-09-15 23:14 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2015-10-13 13:08 - 2015-09-15 23:10 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2015-10-13 13:08 - 2015-09-15 23:09 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2015-10-13 13:08 - 2015-09-15 23:08 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2015-10-13 13:08 - 2015-09-15 23:08 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2015-10-13 13:08 - 2015-09-15 23:08 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2015-10-13 13:08 - 2015-09-15 23:01 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2015-10-13 13:08 - 2015-09-15 22:58 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2015-10-13 13:08 - 2015-09-15 22:46 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2015-10-13 13:08 - 2015-09-15 22:45 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2015-10-13 13:08 - 2015-09-15 22:45 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2015-10-13 13:08 - 2015-09-15 22:43 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2015-10-13 13:08 - 2015-09-15 22:41 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
    2015-10-13 13:08 - 2015-09-15 22:33 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2015-10-13 13:08 - 2015-09-15 22:32 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
    2015-10-13 13:08 - 2015-09-15 22:31 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2015-10-13 13:08 - 2015-09-15 22:29 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2015-10-13 13:08 - 2015-09-15 22:28 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2015-10-13 13:08 - 2015-09-15 22:28 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2015-10-13 13:08 - 2015-09-15 22:26 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2015-10-13 13:08 - 2015-09-15 22:26 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2015-10-13 13:08 - 2015-09-15 22:26 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2015-10-13 13:08 - 2015-09-15 22:24 - 00480256 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2015-10-13 13:08 - 2015-09-15 22:23 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2015-10-13 13:08 - 2015-09-15 22:22 - 14458368 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2015-10-13 13:08 - 2015-09-15 22:22 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2015-10-13 13:08 - 2015-09-15 22:22 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2015-10-13 13:08 - 2015-09-15 22:15 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2015-10-13 13:08 - 2015-09-15 22:11 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2015-10-13 13:08 - 2015-09-15 22:07 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2015-10-13 13:08 - 2015-09-15 22:05 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2015-10-13 13:08 - 2015-09-15 21:59 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2015-10-13 13:08 - 2015-09-15 21:58 - 12853760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2015-10-13 13:08 - 2015-09-15 21:58 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
    2015-10-13 13:08 - 2015-09-15 21:55 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2015-10-13 13:08 - 2015-09-15 21:55 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2015-10-13 13:08 - 2015-09-15 21:48 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2015-10-13 13:08 - 2015-09-15 21:37 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2015-10-13 13:08 - 2015-09-15 21:32 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2015-10-13 13:07 - 2015-10-01 13:06 - 00692672 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
    2015-10-13 13:07 - 2015-10-01 13:04 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
    2015-10-13 13:07 - 2015-10-01 13:00 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
    2015-10-13 13:07 - 2015-10-01 13:00 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
    2015-10-13 13:07 - 2015-10-01 13:00 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
    2015-10-13 13:07 - 2015-10-01 13:00 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
    2015-10-13 13:07 - 2015-10-01 13:00 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
    2015-10-13 13:07 - 2015-10-01 12:50 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
    2015-10-13 13:07 - 2015-10-01 12:00 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
    2015-10-13 13:07 - 2015-09-28 22:16 - 05569472 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2015-10-13 13:07 - 2015-09-28 22:13 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2015-10-13 13:07 - 2015-09-28 22:11 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
    2015-10-13 13:07 - 2015-09-28 22:11 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
    2015-10-13 13:07 - 2015-09-28 22:11 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
    2015-10-13 13:07 - 2015-09-28 22:11 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
    2015-10-13 13:07 - 2015-09-28 22:11 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2015-10-13 13:07 - 2015-09-28 22:11 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2015-10-13 13:07 - 2015-09-28 22:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
    2015-10-13 13:07 - 2015-09-28 22:11 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
    2015-10-13 13:07 - 2015-09-28 22:10 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
    2015-10-13 13:07 - 2015-09-28 22:10 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
    2015-10-13 13:07 - 2015-09-28 22:10 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2015-10-13 13:07 - 2015-09-28 22:10 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
    2015-10-13 13:07 - 2015-09-28 22:10 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2015-10-13 13:07 - 2015-09-28 22:10 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
    2015-10-13 13:07 - 2015-09-28 22:10 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
    2015-10-13 13:07 - 2015-09-28 22:10 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
    2015-10-13 13:07 - 2015-09-28 22:10 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
    2015-10-13 13:07 - 2015-09-28 22:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2015-10-13 13:07 - 2015-09-28 22:10 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
    2015-10-13 13:07 - 2015-09-28 22:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
    2015-10-13 13:07 - 2015-09-28 22:09 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
    2015-10-13 13:07 - 2015-09-28 22:05 - 03990976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
    2015-10-13 13:07 - 2015-09-28 22:05 - 03936192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
    2015-10-13 13:07 - 2015-09-28 22:05 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2015-10-13 13:07 - 2015-09-28 22:05 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
    2015-10-13 13:07 - 2015-09-28 22:02 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:59 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2015-10-13 13:07 - 2015-09-28 21:59 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2015-10-13 13:07 - 2015-09-28 21:59 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2015-10-13 13:07 - 2015-09-28 21:59 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2015-10-13 13:07 - 2015-09-28 21:59 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
    2015-10-13 13:07 - 2015-09-28 21:59 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
    2015-10-13 13:07 - 2015-09-28 21:58 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
    2015-10-13 13:07 - 2015-09-28 21:58 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
    2015-10-13 13:07 - 2015-09-28 21:58 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
    2015-10-13 13:07 - 2015-09-28 21:58 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2015-10-13 13:07 - 2015-09-28 21:57 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
    2015-10-13 13:07 - 2015-09-28 21:57 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
    2015-10-13 13:07 - 2015-09-28 21:57 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
    2015-10-13 13:07 - 2015-09-28 21:57 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
    2015-10-13 13:07 - 2015-09-28 21:53 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2015-10-13 13:07 - 2015-09-28 21:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 20:50 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
    2015-10-13 13:07 - 2015-09-28 20:49 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
    2015-10-13 13:07 - 2015-09-28 20:49 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
    2015-10-13 13:07 - 2015-09-28 20:43 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
    2015-10-13 13:07 - 2015-09-28 20:43 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
    2015-10-13 13:07 - 2015-09-28 20:40 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 20:40 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 20:40 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-28 20:40 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-10-13 13:07 - 2015-09-15 13:17 - 00157016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2015-10-13 13:07 - 2015-09-15 13:17 - 00097112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
    2015-10-13 13:07 - 2015-09-15 13:11 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2015-10-13 13:07 - 2015-09-15 13:11 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2015-10-13 13:07 - 2015-09-15 13:11 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2015-10-13 13:07 - 2015-09-15 13:11 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
    2015-10-13 13:07 - 2015-09-15 13:11 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
    2015-10-13 13:07 - 2015-09-15 13:11 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
    2015-10-13 13:07 - 2015-09-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
    2015-10-13 13:07 - 2015-09-15 12:36 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2015-10-13 13:07 - 2015-09-15 12:36 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2015-10-13 13:07 - 2015-09-15 12:36 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2015-10-13 13:07 - 2015-09-15 12:35 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-11 17:50 - 2015-07-24 07:52 - 00000000 ____D C:\Users\N3\AppData\Local\CrashDumps
    2015-11-11 17:44 - 2015-06-28 09:55 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-11-11 17:16 - 2015-05-14 06:13 - 00000000 ____D C:\Users\N3\AppData\Roaming\Everything
    2015-11-11 16:58 - 2015-07-17 14:43 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-11-11 16:51 - 2015-04-06 02:05 - 00000000 ____D C:\Users\N3\AppData\LocalLow\Adblock Plus for IE
    2015-11-11 16:34 - 2011-09-03 02:38 - 01881142 _____ C:\windows\WindowsUpdate.log
    2015-11-11 16:13 - 2009-07-13 23:45 - 00028336 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-11-11 16:13 - 2009-07-13 23:45 - 00028336 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-11-11 16:09 - 2009-07-14 00:13 - 00782228 _____ C:\windows\system32\PerfStringBackup.INI
    2015-11-11 16:05 - 2015-03-13 14:50 - 00000000 _____ C:\windows\system32\Drivers\lvuvc.hs
    2015-11-11 16:05 - 2011-09-03 02:59 - 00138031 _____ C:\windows\system32\fastboot.set
    2015-11-11 16:05 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2015-11-11 15:52 - 2015-03-22 21:16 - 00000472 _____ C:\Users\N3\Desktop\YouTube.website
    2015-11-11 05:26 - 2015-03-14 05:52 - 00000000 ____D C:\Users\N3\AppData\Roaming\Skype
    2015-11-10 22:58 - 2015-07-17 14:43 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-11-10 22:58 - 2015-07-17 14:43 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-11-10 22:58 - 2015-07-17 14:43 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-11-10 21:11 - 2015-03-19 17:44 - 00000000 ____D C:\Users\N3\AppData\Roaming\go
    2015-11-10 18:48 - 2015-03-15 23:58 - 00004336 _____ C:\Users\N3\Desktop\DesktopOK.ini
    2015-11-10 07:32 - 2015-06-30 09:20 - 00000492 _____ C:\Users\N3\Desktop\Craigslist Account.website
    2015-11-10 01:24 - 2015-03-19 17:44 - 00000000 ____D C:\ProgramData\GameXN
    2015-11-10 00:54 - 2015-03-14 16:20 - 00000000 ____D C:\Users\N3\Documents\My Received Files
    2015-11-09 23:48 - 2009-07-14 00:08 - 00032550 _____ C:\windows\Tasks\SCHEDLGU.TXT
    2015-11-08 22:53 - 2015-09-18 08:13 - 00000531 _____ C:\Users\N3\Desktop\Facebook.website
    2015-11-07 17:14 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
    2015-11-06 20:43 - 2015-07-28 22:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-11-06 20:26 - 2015-06-28 09:55 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
    2015-11-06 20:26 - 2011-09-03 03:03 - 00000000 ____D C:\ProgramData\Temp
    2015-11-06 20:25 - 2015-03-13 17:14 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
    2015-11-06 20:19 - 2015-07-21 16:49 - 00000000 ____D C:\Users\N3\AppData\Roaming\Paltalk
    2015-11-05 21:09 - 2015-03-13 17:29 - 00000000 ___RD C:\Users\N3\Desktop\File Cleaners
    2015-11-04 14:45 - 2015-03-13 00:05 - 00000000 ____D C:\Users\N3\Desktop\Computer Information
    2015-11-03 20:10 - 2011-02-12 14:33 - 00000000 ____D C:\windows\Panther
    2015-11-03 20:02 - 2015-03-15 21:09 - 00000000 ____D C:\Users\N3\AppData\Roaming\Jarte
    2015-11-03 17:12 - 2015-07-19 07:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-11-03 04:37 - 2015-03-24 12:42 - 00000000 ____D C:\Users\N3\AppData\Roaming\Bluefive software
    2015-11-03 03:35 - 2015-03-12 14:35 - 00000000 ____D C:\Users\N3\AppData\Local\VirtualStore
    2015-11-01 05:46 - 2015-03-13 17:23 - 00000000 ___RD C:\Users\N3\Desktop\Malware Cleaners
    2015-10-31 20:21 - 2015-05-13 17:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2015-10-31 20:20 - 2015-05-13 17:40 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
    2015-10-31 10:01 - 2015-03-13 09:13 - 00000000 ___RD C:\Users\N3\Desktop\Email
    2015-10-26 20:56 - 2015-08-10 14:33 - 00000404 _____ C:\Users\N3\AppData\Roaming\_
    2015-10-26 10:07 - 2015-03-15 22:14 - 00000000 ____D C:\Users\N3\Desktop\Hobbies & Interests
    2015-10-24 14:04 - 2015-09-23 14:51 - 00000000 ____D C:\Users\N3\AppData\Roaming\SoftGrid Client
    2015-10-23 03:50 - 2015-04-06 02:05 - 00000000 ____D C:\Program Files\Adblock Plus for IE
    2015-10-23 03:47 - 2015-03-14 05:52 - 00000000 ____D C:\ProgramData\Skype
    2015-10-21 09:46 - 2015-07-16 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-10-21 09:46 - 2015-07-16 12:02 - 00000000 ____D C:\Program Files\Java
    2015-10-21 09:41 - 2015-08-19 09:27 - 00000000 ____D C:\Users\N3\.oracle_jre_usage
    2015-10-21 09:41 - 2015-07-16 12:02 - 00110176 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
    2015-10-21 03:47 - 2015-09-24 12:33 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-10-21 03:45 - 2015-03-13 21:16 - 00000000 ____D C:\ProgramData\Oracle
    2015-10-21 03:42 - 2015-08-11 21:24 - 00000000 ____D C:\Program Files (x86)\Java
    2015-10-17 06:14 - 2015-03-13 17:26 - 00000000 ____D C:\EEK
    2015-10-15 19:29 - 2015-03-12 14:35 - 00000000 ____D C:\Users\N3
    2015-10-15 19:28 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration
    2015-10-13 13:22 - 2015-03-12 18:56 - 00000000 ____D C:\windows\system32\MRT
    2015-10-13 13:21 - 2015-03-12 18:56 - 143481208 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-10-13 04:36 - 2015-06-28 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-10-13 04:36 - 2015-06-28 09:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

    ==================== Files in the root of some directories =======

    2015-08-10 14:33 - 2015-10-26 20:56 - 0000404 _____ () C:\Users\N3\AppData\Roaming\_
    2015-07-24 05:55 - 2015-07-24 05:55 - 0041090 _____ () C:\ProgramData\1437735347.bdinstall.bin
    2015-07-24 05:58 - 2015-07-24 05:58 - 0036717 _____ () C:\ProgramData\1437735520.bdinstall.bin
    2015-07-24 05:59 - 2015-07-24 05:59 - 0096588 _____ () C:\ProgramData\1437735526.bdinstall.bin
    2011-09-03 02:58 - 2011-09-03 02:58 - 1914000 _____ (Adobe Systems Incorporated) C:\ProgramData\flashax10.exe
    2015-04-05 12:02 - 2015-04-15 19:55 - 0000263 _____ () C:\ProgramData\fontcacheev1.dat

    Files to move or delete:
    ====================
    C:\ProgramData\flashax10.exe
    C:\ProgramData\fontcacheev1.dat


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\SysWOW64\wininit.exe => File is digitally signed
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\SysWOW64\explorer.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\SysWOW64\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\SysWOW64\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\SysWOW64\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-11-10 02:46

    ==================== End of FRST.txt ============================
     
  4. N3

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
    Ran by N3 (2015-11-11 17:50:53)
    Running from C:\Users\N3\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2015-03-12 19:35:00)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3450983300-2090305916-611037370-500 - Administrator - Disabled)
    Guest (S-1-5-21-3450983300-2090305916-611037370-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3450983300-2090305916-611037370-1003 - Limited - Enabled)
    N3 (S-1-5-21-3450983300-2090305916-611037370-1001 - Administrator - Enabled) => C:\Users\N3

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AccountService (Version: 1.1.66 - Kromtech) Hidden <==== ATTENTION
    Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
    Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
    Amazon Kindle (HKU\S-1-5-21-3450983300-2090305916-611037370-1001\...\Amazon Kindle) (Version: - Amazon)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Cookienator (HKLM-x32\...\{BF307EDA-A176-4D83-9775-D337810CF7A7}) (Version: 2.6.41 - CodeFromThe70s.org)
    CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
    EchoLink (HKLM-x32\...\{DC33421C-0E1C-470A-BE37-7B7C82677812}) (Version: 2.0.908 - Synergenics, LLC)
    erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    ESET NOD32 Antivirus (HKLM\...\{5F2AE448-CD4B-40BD-B245-5F0CD06A09B0}) (Version: 8.0.319.0 - ESET, spol s r. o.)
    Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version: - )
    FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
    GameXN GO (HKU\S-1-5-21-3450983300-2090305916-611037370-1001\...\Game Organizer) (Version: - GameXN AS)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
    Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
    Jarte 5.3 (HKLM-x32\...\Jarte_is1) (Version: 5.3 - Carolina Road Software L.L.C.)
    Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
    Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.17 - Oracle Corporation)
    jv16 PowerTools 1.3 (HKLM-x32\...\jv16 PowerTools_is1) (Version: - )
    Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)
    Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
    Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
    Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
    Lenovo Tinian Fn PS/2 Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.0.11.0321 - Lenovo)
    Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
    Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
    MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
    Paltalk Messenger 11.7 (HKLM-x32\...\Paltalk Messenger) (Version: 11.7.622.17694 - AVM Software Inc.)
    PPM Mini Version 1.50 (HKLM-x32\...\{016A5847-9535-481D-8278-ECAFFDF959FF}_is1) (Version: - Darkwood Designs)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6230 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0159 - )
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
    Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
    Roxio BackOnTrack (HKLM-x32\...\{32F9BACF-FCD3-4B6A-AD85-255A449B6FA5}) (Version: 1.3.1 - Roxio)
    Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
    SnagIt 7 (HKLM-x32\...\{4360BB46-507E-4361-8DCB-4FF9BDC9907B}) (Version: 7.2.5 - TechSmith Corporation)
    SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1206 - SUPERAntiSpyware.com)
    ThemeWallpaper (HKLM-x32\...\{F29CBF73-C211-4616-898A-379A2679F990}) (Version: 1.2.0.101108 - Lenovo)
    WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
    Wise Program Uninstaller 1.81 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.81 - WiseCleaner.com, Inc.)
    WOT for Internet Explorer (HKLM-x32\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 15.6.9.0 - WOT Services Oy)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    05-11-2015 05:33:15 Windows Update
    05-11-2015 21:08:46 Revo Uninstaller Pro's restore point - CCleaner
    09-11-2015 00:38:35 Revo Uninstaller Pro's restore point - Easy Checkers
    09-11-2015 23:37:07 Installed SnagIt 7
    09-11-2015 23:50:20 Installed SnagIt 7
    10-11-2015 18:16:50 Installed SnagIt 7
    10-11-2015 21:14:46 Revo Uninstaller Pro's restore point - CCleaner
    10-11-2015 21:31:01 Revo Uninstaller Pro's restore point - WinPatrol
    10-11-2015 21:31:25 Revo Uninstaller Pro's restore point - WinPatrol
    10-11-2015 21:36:40 Revo Uninstaller Pro's restore point - winpatrol
    10-11-2015 22:25:45 Revo Uninstaller Pro's restore point - spyware terminator
    11-11-2015 10:39:43 Revo Uninstaller Pro's restore point - CCleaner
    11-11-2015 15:37:51 Installed Should I Remove It
    11-11-2015 15:40:14 Removed Should I Remove It
    11-11-2015 15:41:18 Revo Uninstaller Pro's restore point - should i remove it
    11-11-2015 15:50:56 Revo Uninstaller Pro's restore point - Spyware Terminator 2015
    11-11-2015 15:54:52 Revo Uninstaller Pro's restore point - Spyware Terminator
    11-11-2015 16:15:15 Revo Uninstaller Pro's restore point - spyware terminator driver filter
    11-11-2015 17:16:47 Revo Uninstaller Pro's restore point - Crawler LLC

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2015-08-07 10:28 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1261DF83-0C5F-47F1-ADC0-9F4751907DA1} - System32\Tasks\WiseCleaner\WPUSkipUAC => C:\Program Files (x86)\Wise\Wise Program Uninstaller\WiseProgramUninstaller.exe [2015-10-09] (WiseCleaner.com)
    Task: {2EB91421-D9EB-47C2-AB23-7C3E46DA6A9A} - System32\Tasks\Disconnect Desktop Updater => C:\Program Files (x86)\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe
    Task: {4BFE855E-E9D0-4FA6-88AD-8DA325FCCE28} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
    Task: {51FAACB9-F17D-458D-A2A5-877294FD4E33} - \CryptoMonitor_SU -> No File <==== ATTENTION
    Task: {677E7D26-1D17-49D2-8B5C-F44408C4605F} - System32\Tasks\{0DA9699C-E74E-4D58-862A-2A9880E2D812} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    Task: {7E51568F-A5C5-4E46-9621-C1D7846334F6} - \{38357D1D-4334-4C36-B8B4-660BA9F1D0A1} -> No File <==== ATTENTION
    Task: {841CC7E8-B8A6-4416-9D18-006E2334B5B3} - \{CB4753C3-2AFC-4EA2-80F3-ED8F7C28D6A6} -> No File <==== ATTENTION
    Task: {89EFED27-D4AC-41A3-960C-3134141B0C12} - System32\Tasks\{5D76FE31-323D-4C60-88AC-F15BDB83D8E4} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    Task: {8EBC84A6-59FB-44F9-A501-20635963CDC9} - System32\Tasks\CryptoPrevent Update => C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPrevent.exe [2015-04-10] (Foolish IT LLC)
    Task: {D1C4E7DF-B6A7-476D-AEAC-104D832D03F0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-05-14 06:13 - 2014-08-05 20:01 - 01048576 _____ () C:\Program Files (x86)\Everything\Everything.exe
    2011-09-03 02:41 - 2011-03-15 22:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
    2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2015-01-27 07:18 - 2015-01-27 07:18 - 02926800 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
    2015-07-21 16:49 - 2015-03-27 11:24 - 38713856 _____ () C:\Program Files (x86)\Paltalk Messenger\libcef.dll
    2015-07-21 16:49 - 2015-10-05 16:26 - 02219008 _____ () C:\Program Files (x86)\Paltalk Messenger\Images.dll
    2015-06-09 08:44 - 2015-06-09 08:44 - 01842688 _____ () C:\Program Files (x86)\WOT\WOT.dll
    2015-11-10 22:58 - 2015-11-10 22:58 - 17604296 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:5C321E34
    AlternateDataStreams: C:\Users\N3\Desktop\Facebook.website:TASKICON_0news-1751121550
    AlternateDataStreams: C:\Users\N3\Desktop\Facebook.website:TASKICON_1messages-431041656
    AlternateDataStreams: C:\Users\N3\Desktop\Facebook.website:TASKICON_2events-250898981
    AlternateDataStreams: C:\Users\N3\Desktop\Facebook.website:TASKICON_3friends-215113587

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptoPreventEventSvc => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 6091 more sites.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3450983300-2090305916-611037370-1001\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 8.26.56.26 - 156.154.70.22
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: GameXN GO => "C:\ProgramData\GameXN\GameXNGO.exe" /startup

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{2191AB8A-C6E7-406B-B51E-DDA372AE2F4E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{66B063D7-94F0-4D58-9084-20449FE53024}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{8941D56F-4CCB-41D5-9E8C-B3C074144670}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{990DEF07-5D49-48A8-9F90-08645620FC26}C:\program files (x86)\k1rfd\echolink\echolink.exe] => (Allow) C:\program files (x86)\k1rfd\echolink\echolink.exe
    FirewallRules: [UDP Query User{AC78979C-B036-476F-8420-AE2E425596CD}C:\program files (x86)\k1rfd\echolink\echolink.exe] => (Allow) C:\program files (x86)\k1rfd\echolink\echolink.exe
    FirewallRules: [{8458A563-B4CD-4D48-94A7-FCE045DD3BB1}] => (Allow) C:\Program Files (x86)\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
    FirewallRules: [{AD197833-5069-41E2-9D91-BEF18CE3951C}] => (Allow) C:\Program Files (x86)\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
    FirewallRules: [{D08BA9A1-8E99-4399-BE4F-7607E0DE475A}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
    FirewallRules: [{B174874F-A013-4FEC-97D5-52EDB2B84917}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
    FirewallRules: [{A2B843DC-776A-4B8E-AA7B-6BD87FBC8F4B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{1AF0E21F-2D22-4BDD-8597-4BA8AB3C7DDE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{99BC5591-1871-4E31-BF2F-B73F887767D5}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
    FirewallRules: [UDP Query User{FC35B86D-DC98-4DB7-994A-1169825CD60E}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
    FirewallRules: [TCP Query User{7C67496B-C975-47B2-8C55-417FDAF04782}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
    FirewallRules: [UDP Query User{D1C08B72-6109-45C2-8B8C-C3B5A3530BC8}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
    FirewallRules: [{A19B7B0A-2EF1-48CE-B307-8F91B4094DE4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C5274381-C01D-4E03-8214-DB93391B66F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: adgnetworktdidrv
    Description: adgnetworktdidrv
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: adgnetworktdidrv
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Logitech Mic (Webcam Pro 9000)
    Description: Logitech Mic (Webcam Pro 9000)
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: Logitech
    Service: usbaudio
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/11/2015 05:50:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: FRST64.exe, version: 7.11.2015.0, time stamp: 0x563e1f63
    Faulting module name: FRST64.exe, version: 7.11.2015.0, time stamp: 0x563e1f63
    Exception code: 0xc0000005
    Fault offset: 0x0000000000026514
    Faulting process id: 0x22e8
    Faulting application start time: 0xFRST64.exe0
    Faulting application path: FRST64.exe1
    Faulting module path: FRST64.exe2
    Report Id: FRST64.exe3

    Error: (11/11/2015 04:15:14 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {bdd861f1-8b75-49d1-8a63-72c75a0e4612}

    Error: (11/11/2015 04:07:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/11/2015 03:55:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/11/2015 03:54:50 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {223b3dc9-0627-4e08-be89-bf30132bb871}

    Error: (11/11/2015 03:05:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/11/2015 10:39:42 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {e0687770-46dd-4d48-b87f-b51004cb7688}

    Error: (11/11/2015 10:22:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/11/2015 05:11:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/10/2015 10:33:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (11/11/2015 04:05:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    adgnetworktdidrv

    Error: (11/11/2015 04:05:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The panda_url_filtering Service service failed to start due to the following error:
    %%2

    Error: (11/11/2015 04:05:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Foxit Cloud Safe Update Service service failed to start due to the following error:
    %%2

    Error: (11/11/2015 03:58:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Everything service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/11/2015 03:58:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/11/2015 03:54:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    adgnetworktdidrv

    Error: (11/11/2015 03:53:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The panda_url_filtering Service service failed to start due to the following error:
    %%2

    Error: (11/11/2015 03:53:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Foxit Cloud Safe Update Service service failed to start due to the following error:
    %%2

    Error: (11/11/2015 03:04:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    adgnetworktdidrv

    Error: (11/11/2015 03:04:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The panda_url_filtering Service service failed to start due to the following error:
    %%2


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
    Percentage of memory in use: 33%
    Total physical RAM: 8040.37 MB
    Available physical RAM: 5351.71 MB
    Total Virtual: 16078.95 MB
    Available Virtual: 13338.52 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:906.34 GB) (Free:856.38 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CE4CA624)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

    ==================== End of Addition.txt ============================
     
  5. starbuck

    Hi N3,

    There are no obvious signs of Spyware Terminator in the reports, but I have added the default path for the program so if it's there it will be removed.
    There are a few other things we should address.

    FRST has flagged an adware program..... but it's marked as hidden.
    After you run the FRST fix you should be able to see it.
    I recommend you then uninstall it.

    I take it that the Group Policies have been added by CryptoPrevent .... so we'll leave those alone.

    The fix will also reset your Hosts file, so you will need to reactivate the settings in Spyware Blaster again after the fix has run.

    Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system


    Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

    The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

    Thanks
     


  6. N3

    Please excuse my ignorance but you mentioned, "It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work." I don't understand "the same location"?
     
  7. starbuck

    FRST is Running from C:\Users\N3\Desktop
    This is the same location that the fix list needs to be in.
    So..... just make sure that the fix list is downloaded to your desktop.
    Then follow the instructions to run the fix.
     
  8. seedy21

    seedy21 Malware Removal Specialist - Moderator Moderator

    Joined:
    Jun 20, 2013
    Messages:
    54
    Operating System:
    Windows XP Professional
    Hi N3

    Can you confirm that FRST is still on your desktop?

    We are going to make the fixlist this time.

    Fix with Farbar Recovery Scan Tool

    This fix was created for this user for use on that particular machine.
    Running it on another one may cause damage and render the system unstable.

    Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
    • Copy the entire content of the codebox below and paste into the Notepad document:
      Code:
      start
      SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      Toolbar: HKU\S-1-5-21-3450983300-2090305916-611037370-1001 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
      R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-05] () [File not signed] <==== ATTENTION
      S2 FoxitCloudUpdateService; "C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe" [X]
      S2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- [X]
      S1 adgnetworktdidrv; system32\drivers\adgnetworktdidrv.sys [X]
      S3 panda_url_filteringd; \??\C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [X]
      C:\ProgramData\flashax10.exe
      C:\ProgramData\fontcacheev1.dat
      AccountService (Version: 1.1.66 - Kromtech) Hidden <==== ATTENTION
      Task: {51FAACB9-F17D-458D-A2A5-877294FD4E33} - \CryptoMonitor_SU -> No File <==== ATTENTION
      Task: {7E51568F-A5C5-4E46-9621-C1D7846334F6} - \{38357D1D-4334-4C36-B8B4-660BA9F1D0A1} -> No File <==== ATTENTION
      Task: {841CC7E8-B8A6-4416-9D18-006E2334B5B3} - \{CB4753C3-2AFC-4EA2-80F3-ED8F7C28D6A6} -> No File <==== ATTENTION
      AlternateDataStreams: C:\ProgramData\Temp:5C321E34
      FirewallRules: [{2191AB8A-C6E7-406B-B51E-DDA372AE2F4E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
      FirewallRules: [{66B063D7-94F0-4D58-9084-20449FE53024}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
      C:\Program Files\spyware terminator
      CMD: ipconfig /flushdns
      Hosts:
      EmptyTemp:
      end
    • Click File, Save As and type fixlist.txt as the File Name.
    Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
    • Right-click on the FRST icon and select Run as Administrator to start the tool.
      (XP users click run after receipt of Windows Security Warning - Open File).
    • Press the Fix button just once and wait.
    • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
    Please post it to your reply.
     
  9. N3

    I have FRST - Notepad on my desktop.
     
  10. seedy21

    Hi N3

    How far did you get with my instructions above?



     
  11. N3

    I typed fixlist.txt as the file name in the "Save As" window. Do I click "save" or leave it alone?
     
    Last edited: Nov 18, 2015
  12. seedy21

    Correct. Click "Save" and then close down Notepad.

    Then continue with the instructions. If you get stuck, let me know and I will guide you.
     
  13. N3

    When I clicked "save" I get a message, "To save here, you must first include a folder in the library."
     
  14. seedy21

    When you go to save the file you need to make sure you select the desktop as the place to save the file.

    I have attached an image to show you what you can click to do this.
     
  15. N3

    I saved it to "Desktop". Now I still have the "fixlist - Notepad" window open. Do you want me to remove it by clicking the "X" located in the upper right hand corner of the window?
     
  16. seedy21

    That is correct
     
  17. N3

    Fix result of Farbar Recovery Scan Tool (x64) Version:16-11-2015
    Ran by N3 (2015-11-19 12:11:23) Run:1
    Running from C:\Users\N3\Desktop
    Loaded Profiles: N3 (Available Profiles: N3)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-3450983300-2090305916-611037370-1001 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-05] () [File not signed] <==== ATTENTION
    S2 FoxitCloudUpdateService; "C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe" [X]
    S2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- [X]
    S1 adgnetworktdidrv; system32\drivers\adgnetworktdidrv.sys [X]
    S3 panda_url_filteringd; \??\C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [X]
    C:\ProgramData\flashax10.exe
    C:\ProgramData\fontcacheev1.dat
    AccountService (Version: 1.1.66 - Kromtech) Hidden <==== ATTENTION
    Task: {51FAACB9-F17D-458D-A2A5-877294FD4E33} - \CryptoMonitor_SU -> No File <==== ATTENTION
    Task: {7E51568F-A5C5-4E46-9621-C1D7846334F6} - \{38357D1D-4334-4C36-B8B4-660BA9F1D0A1} -> No File <==== ATTENTION
    Task: {841CC7E8-B8A6-4416-9D18-006E2334B5B3} - \{CB4753C3-2AFC-4EA2-80F3-ED8F7C28D6A6} -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34
    FirewallRules: [{2191AB8A-C6E7-406B-B51E-DDA372AE2F4E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{66B063D7-94F0-4D58-9084-20449FE53024}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    C:\Program Files\spyware terminator
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    end
    *****************

    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-21-3450983300-2090305916-611037370-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value removed successfully
    HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => key not found.
    Everything => Service stopped successfully.
    Everything => service removed successfully
    FoxitCloudUpdateService => service removed successfully
    panda_url_filtering => service removed successfully
    adgnetworktdidrv => service removed successfully
    panda_url_filteringd => service removed successfully
    C:\ProgramData\flashax10.exe => moved successfully
    C:\ProgramData\fontcacheev1.dat => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D759D18-9594-430B-BA12-1C3C7975DBD5}\\SystemComponent => value removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{51FAACB9-F17D-458D-A2A5-877294FD4E33}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51FAACB9-F17D-458D-A2A5-877294FD4E33}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CryptoMonitor_SU" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E51568F-A5C5-4E46-9621-C1D7846334F6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E51568F-A5C5-4E46-9621-C1D7846334F6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{38357D1D-4334-4C36-B8B4-660BA9F1D0A1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{841CC7E8-B8A6-4416-9D18-006E2334B5B3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{841CC7E8-B8A6-4416-9D18-006E2334B5B3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CB4753C3-2AFC-4EA2-80F3-ED8F7C28D6A6}" => key removed successfully
    C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2191AB8A-C6E7-406B-B51E-DDA372AE2F4E} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66B063D7-94F0-4D58-9084-20449FE53024} => value removed successfully
    "C:\Program Files\spyware terminator" => not found.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    EmptyTemp: => 402.9 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 12:11:41 ====
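
One way to tally the outcome lines of a Fixlog.txt like the one posted above, as an added example that is not part of the thread and not part of FRST. The outcome phrases are taken from that log; the function names and the "done/absent/review" labels are assumptions made for this sketch.

```python
import re
from collections import Counter

# Excerpt of the Fixlog.txt posted above, shortened for the example.
# The echoed fixlist is cut down to three of its lines.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:16-11-2015
Ran by N3 (2015-11-19 12:11:23) Run:1
==============================================

fixlist content:
*****************
start
C:\ProgramData\flashax10.exe
FirewallRules: [{2191AB8A-C6E7-406B-B51E-DDA372AE2F4E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
C:\Program Files\spyware terminator
end
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => key not found.
Everything => Service stopped successfully.
Everything => service removed successfully
C:\ProgramData\flashax10.exe => moved successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
"C:\Program Files\spyware terminator" => not found.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 402.9 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 12:11:41 ====
'''

# "========= <command> =========" opens captured command output,
# "========= End of CMD: =========" closes it.
CMD_MARKER = re.compile(r'^={9} (.+) ={9}$')
RESULT = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+)$')


def classify(outcome):
    """Map an outcome phrase to done / absent / review (labels are this example's own)."""
    text = outcome.lower()
    if 'not found' in text:
        return 'absent'   # the item was not on the machine, nothing was changed
    if 'successfully' in text or text.rstrip('.').endswith('removed'):
        return 'done'
    return 'review'       # unrecognised phrase: read this line by hand


def parse_fixlog(text):
    """Return ([(target, outcome, status), ...], reboot_needed)."""
    results, reboot = [], False
    in_echo = in_cmd = False
    for raw in text.splitlines():
        line = raw.strip()
        # The fixlist is echoed between two rows of asterisks. It must be skipped
        # because some directives (FirewallRules) contain " => " themselves.
        if line and set(line) == {'*'}:
            in_echo = not in_echo
            continue
        marker = CMD_MARKER.match(line)
        if marker and not in_echo:
            in_cmd = not marker.group(1).startswith('End of CMD')
            continue
        if in_echo or in_cmd or not line:
            continue
        if line == 'The system needed a reboot.':
            reboot = True
            continue
        m = RESULT.match(line)
        if m:
            results.append((m['target'].strip('"'), m['outcome'], classify(m['outcome'])))
        elif 'successfully' in line.lower():
            # Result lines without an arrow, e.g. "Hosts restored successfully."
            results.append((line.rstrip('.'), line, classify(line)))
    return results, reboot


def summarize(text):
    results, reboot = parse_fixlog(text)
    return {
        'counts': dict(Counter(status for _, _, status in results)),
        'absent': [target for target, _, status in results if status == 'absent'],
        'review': [target for target, _, status in results if status == 'review'],
        'reboot': reboot,
    }


if __name__ == '__main__':
    print(summarize(SAMPLE_FIXLOG))
```

The "absent" list is the part worth reading: it separates directives that found nothing to remove from the ones that actually changed the system.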
     
  18. seedy21

    Hi N3

    Good job. The script has run successfully. Let's continue ...

    Step 1

    • Click on Start -> Control Panel -> Add/Remove Programs
    • Uninstall the following Programs:-

      AccountService
      Java 8 Update 65
    • Close the Add/Remove Programs and Control Panel
    • Restart your computer

    Step 2

    Scan with ESET Online Scanner

    This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
    Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
    Please visit the ESET Online Scanner website.
    There, click Run ESET Online Scanner.

    If using Internet Explorer:
    • Accept the Terms of Use and click Start.
    • Allow the running of add-on.
    If using Mozilla Firefox or Google Chrome:
    • Download esetsmartinstaller_enu.exe that you'll be given a link to.
    • Double click esetsmartinstaller_enu.exe.
    • Allow the Terms of Use and click Start.
    To perform the scan:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Click Start
    • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
    • When completed, the program will begin to scan. This may take several hours. Please, be patient.
    • Do not do anything on your machine as it may interrupt the scan.
    • When the scan is done, click Finish.
    • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
    Please include this logfile in your next reply. Don't forget to re-enable previously switched-off protection software!
     
  19. N3

    ESETSmartInstaller@High as downloader log:
    all ok
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # EOSSerial=32cbf800b92fbe4faf4ffa292ffac61b
    # end=init
    # utc_time=2015-11-19 10:59:50
    # local_time=2015-11-19 05:59:50 (-0500, Eastern Standard Time)
    # country="United States"
    # osver=6.1.7601 NT Service Pack 1
    # nod_component=V3 Build:0x30000000
    Update Init
    Update Download
    Update Finalize
    Updated modules version: 26806
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # EOSSerial=32cbf800b92fbe4faf4ffa292ffac61b
    # end=updated
    # utc_time=2015-11-19 11:23:08
    # local_time=2015-11-19 06:23:08 (-0500, Eastern Standard Time)
    # country="United States"
    # osver=6.1.7601 NT Service Pack 1
    # nod_component=V3 Build:0x30000000
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.7777
    # api_version=3.1.1
    # EOSSerial=32cbf800b92fbe4faf4ffa292ffac61b
    # engine=26806
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2015-11-19 11:54:30
    # local_time=2015-11-19 06:54:30 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode_1=''
    # compatibility_mode=5893 16776574 100 94 5918364 199520720 0 0
    # compatibility_mode_1='ESET NOD32 Antivirus 8.0'
    # compatibility_mode=8229 16777213 100 100 5629052 11110144 0 0
    # scanned=142049
    # found=1
    # cleaned=0
    # scan_time=1882
    # nod_component=V3 Build:0x30000000
    sh=F1EFF6451CED129C0E5C0A510955F234A01158A0 ft=1 fh=332b4278a72373e2 vn="a variant of Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\Users\N3\Downloads\Unlocker1.9.2.exe"
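
An added example, not part of the original posts: a small Python parser for an ESET Online Scanner log of the kind pasted above, which compares the recorded scan options with the ones the instructions asked for and lists what was found but not cleaned. The function names, the `REQUESTED` mapping and the sample log (placeholder hash and user name) are constructed for illustration.

```python
import re

# Constructed sample in the posted log's format; hash, fh and user name are placeholders.
SAMPLE_LOG = r'''
# product=EOS
# end=updated
# product=EOS
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# scanned=142049
# found=1
# cleaned=0
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="a variant of Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\Users\example\Downloads\Unlocker1.9.2.exe"
'''

# Options requested in the scan instructions (assumed mapping of checkbox to log key).
REQUESTED = {"remove_checked": "false", "archives_checked": "true", "unwanted_checked": "true",
             "unsafe_checked": "true", "antistealth_checked": "true"}
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value or key="quoted value"

def parse_eset_log(text):
    """Return (sessions, detections): one dict per '# product=' block, one per 'sh=' line."""
    sessions, detections = [], []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            if key == "product" or not sessions:
                sessions.append({})          # each block of the log starts with product=
            sessions[-1][key] = value
        elif line.startswith("sh="):
            detections.append({k: q or u for k, q, u in FIELD.findall(line)})
    return sessions, detections

def review(text):
    """Check the finished scan's options and counters against what was asked for."""
    sessions, detections = parse_eset_log(text)
    final = next((s for s in reversed(sessions) if s.get("end") == "finished"), None)
    if final is None:
        raise ValueError("no finished scan session in log")  # e.g. scan was interrupted
    mismatches = {k: final.get(k) for k, want in REQUESTED.items() if final.get(k) != want}
    counts = {k: int(final.get(k, 0)) for k in ("scanned", "found", "cleaned")}
    return {"mismatches": mismatches, "counts": counts, "detections": detections,
            "uncleaned": counts["found"] - counts["cleaned"],
            "lines_match_found": len(detections) == counts["found"]}

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

A non-empty `mismatches` entry means the scan ran with an option set differently from the request, so its coverage differs from what the helper expected to review.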
     
  20. seedy21

    seedy21 Malware Removal Specialist - Moderator Moderator

    Joined:
    Jun 20, 2013
    Messages:
    54
    Operating System:
    Windows XP Professional
    Hi N3

    How is your machine running? Do you have any further issues?
     
